From 564cd2a8926ccb1dca43a535073540935b5e0373 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org"
Date: Tue, 31 May 2016 23:46:14 +0000
Subject: upstream commit
Ensure that the client's proposed DH-GEX max value is at least as big as the minimum the server will accept. ok djm@
Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
---
kexgexs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'kexgexs.c')
diff --git a/kexgexs.c b/kexgexs.c
index 8c5adf7e4..3caab12de 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.26 2015/12/04 16:41:28 markus Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.27 2016/05/31 23:46:14 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Niels Provos. All rights reserved.
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -89,7 +89,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
 nbits = MIN(DH_GRP_MAX, nbits);
 if (kex->max < kex->min || kex->nbits < kex->min ||
- kex->max < kex->nbits) {
+ kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
 r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
 goto out;
 }
--
cgit v1.2.3
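Review bot: The added `kex->max < DH_GRP_MIN` test in the second hunk covers only the lower bound. The mirror case, a client `kex->min` above `DH_GRP_MAX`, is not rejected by this condition, and the hunk does not show whether later code handles it. If nothing downstream catches it, adding `|| kex->min > DH_GRP_MAX` to the same condition would fail it with the same `SSH_ERR_DH_GEX_OUT_OF_RANGE`. The condition also tests the client's raw `kex->` fields while the line above clamps a local `nbits`, so a short comment such as `/* range checks use the client's unclamped proposal */` would make that distinction explicit. input_kex_dh_gex_request starts and ends outside the hunk.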